Towards a Framework for System and Attack Modelling and Mapping of Requirements and Technology for the Internet of Things

Funder

Organizational Unit

Publications

Publication . Sequeiros, João Bernardo Ferreira; Inácio, Pedro Ricardo Morais

The proliferation of Internet of Things (IoT) devices has been expanding several domains, offering unprecedented connectivity and convenience. However, this surge in interconnected devices has brought forth significant security challenges, as constrained budgets and development time leave security in a secondary role, or even non-existent. This is compounded upon by small design and development teams, where security expertise is reduced and lacking, creating a landscape of IoT systems that are unsecured and ripe for attack by malicious actors. The data gathered by these devices, their general lack of security, and the possibility of serving ans entry points to otherwise more secure systems, makes them increasingly tempting targets for exploration and exploitation. This thesis attempts to bridge the gap of aiding in the secure IoT system development, by approaching the issue of security in IoT from a standpoint of low knowledge and/or low expertise in IoT security. The first step towards the main goal is the extensive survey of existing IoT architectures and modeling tools, to aid in identifying the main challenges in secure IoT development and what can be improved or built upon. The second phase advances upon what was surveyed, by proposing an IoT system model that encompasses a large set of IoT ecosystems, and that embeds security in its essence, by identifying, for each system component, what are its critical security requirements, and what are the most attractive targets for an attacker on the given component. This model is complemented by the creation of an attack taxonomy, that attempts to take the most common attacks on IoT, and identifying where in the system those attacks may occur. To further aid the development process and provide a practical substrate to the Doctor of Philosophy (degree) (Ph.D.) work, an attack modeling tool named Attack Trees for IoT (ATIoT) is presented as a means to identify, starting from a system description given through a direct answer questionnaire, the attacks the system may be more susceptible to, providing the user with a set of attack trees, together with detailed node descriptions, of the identified attacks for the described system. Joining ATIoT, other existing tools are mapped to the proposed model, to further aid in identifying where security requirements, best practices, guidelines, security mechanisms and potential threats in an IoT system should be applied or can be found, further enhancing the usefulness of such tools. Motivated by the profound transformation that Artificial Intelligence (AI) is causing in the technological world, and the always fast advancing security area, a series of experiments of applying different AI mechanisms to the developed tools are also detailed herein. They specifically concern the application of classification models to the elicitation of security requirements, and the use of Large Language Models (LLMs) for identifying potential attacks from a textual system description. The thesis presents the results of these experiments, which show the promise of applying such methodologies to the process of security engineering. Main conclusions include achieving the goal of creating a panoply of mechanisms and tools that aid the development of secure IoT systems, that were designed towards being used by developers with low or no security background and expertise. It was also concluded that AI methods can aid in the maintaining of such tools and mechanisms, ensuring their validity in a longer time period, a challenge always present in fast-paced, always evolving areas.

2024-09-04Doctoral thesis

Open access

Recent Trends in Applying TPM to Cloud Computing

Publication . Hosseinzadeh, Shohreh; Sequeiros, Joao B. F.; Inácio, Pedro R. M.; Leppänen, Ville

Trusted platform modules (TPM) have become important safe-guards against variety of software-based attacks. By providing a limited set of cryptographic services through a well-defined interface, separated from the software itself, TPM can serve as a root of trust and as a building block for higher-level security measures. This article surveys the literature for applications of TPM in the cloud-computing environment, with publication dates comprised between 2013 and 2018. It identifies the current trends and objectives of this technology in the cloud, and the type of threats that it mitigates. Toward the end, the main research gaps are pinpointed and discussed. Since integrity measurement is one of the main usages of TPM, special attention is paid to the assessment of run time phases and software layers it is applied to.

2019-11Journal article

Restricted access